Optional sign in SSO with azure ad b2c

Time:08-17

I have an application which has multiple frontend SPAs (mostly React). They allow the user to sign in if they want to access privileged features, but an unauthenticated user is still able to access the site. Each SPA will access some backend APIs using a token if they are authenticated. All of these sites should function transparently when it comes to login, so if you log in on one site, it should be automatically propagated to all the sites (SSO).

When a site first loads, we want to get the token for the user if they are logged in with SSO. If we use the redirect flow and the user isn't signed in, we will end up on the sign-in page, which isn't what we want, as we allow anonymous access. We only want to show the login page if the user explicitly clicks the login link on a site.

Is there a way to check if the user is logged into SSO without redirecting to the login page?

We have looked at ssoSilent (from MSAL), which functionally does what we want; however, it's only supported via third-party cookies, which don't work in some browsers.

I have thought perhaps we could redirect to a silent login page which, if the user isn't logged in, will just redirect back with an anonymous flag in the query string, but I don't know if there's a way to do this with Azure AD B2C.

CodePudding user response:

The only method is ssoSilent(), or your own implementation of it via iframe. It should work as long as your app is on the same root domain as the AAD B2C login page, which you can do with the Custom Domain feature.

There is no API endpoint available to do what you want.
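
Added example (not part of the original question or answer): a sketch of the optional sign-in flow discussed above, using `ssoSilent()` from MSAL.js on page load and falling back to anonymous access when no session exists. The hostnames, tenant, policy and client ID are placeholders, and the MSAL instance is passed in as a parameter so the logic can be exercised without a browser.

```javascript
// Assumed setup: `pca` is an initialized PublicClientApplication from
// @azure/msal-browser, built from a config like this one (placeholder values).
const msalConfig = {
  auth: {
    clientId: "<spa-client-id>",
    // B2C custom domain on the same root domain as the SPAs, so the session
    // cookie read by the hidden iframe is first-party.
    authority: "https://login.example.com/<tenant-id>/<policy-name>",
    knownAuthorities: ["login.example.com"],
    redirectUri: "https://app.example.com/blank.html", // assumed blank page for silent flows
  },
};

// Try to pick up an existing SSO session without showing any UI.
// Never throws: an absent session simply leaves the visitor anonymous.
async function trySilentSso(pca, scopes) {
  try {
    const result = await pca.ssoSilent({ scopes });
    pca.setActiveAccount(result.account);
    return { signedIn: true, account: result.account, accessToken: result.accessToken };
  } catch (err) {
    // InteractionRequiredAuthError: the identity provider has no usable session.
    // Any other failure (for example an iframe timeout when cookies are blocked)
    // is also treated as anonymous, but tagged so it can be monitored.
    const expected = Boolean(err) && err.name === "InteractionRequiredAuthError";
    return {
      signedIn: false,
      reason: expected ? "no_session" : "silent_failed",
      errorCode: (err && err.errorCode) || null,
    };
  }
}

// Only the explicit login link starts the interactive redirect.
function onLoginClick(pca, scopes) {
  return pca.loginRedirect({ scopes });
}
```

Logging the `silent_failed` cases separately from `no_session` shows how often browsers are blocking the hidden iframe rather than the user simply not being signed in.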
